
[codex] Fix esbuild audit finding #7

Merged: biggora merged 1 commit into main from codex/fix-2checkout-esbuild-audit, Jun 14, 2026

@nahremenkova1 (Collaborator)

Summary

  • Add an npm override pinning transitive esbuild to 0.28.1
  • Refresh package-lock.json so tsup, bundle-require, and vite resolve the patched esbuild build packages

Why

Today's 2checkout daily check found npm audit --audit-level=high failing on GHSA-gv7w-rqvm-qjhr / GHSA-g7r4-m6w7-qqqr through esbuild@0.27.7. tsup@8.5.1 currently depends on esbuild@^0.27.0, so the minimal compatible remediation is an npm override until upstream widens the range.

Verification

  • npm audit --audit-level=high
  • npm test
  • npm run typecheck
  • npm run build

Co-Authored-By: Paperclip <noreply@paperclip.ing>
@nahremenkova1 marked this pull request as ready for review June 14, 2026 08:09
@biggora merged commit 838625f into main Jun 14, 2026
5 checks passed
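
A lockfile check for the override described in the summary, as an added example that is not part of this pull request: it walks the `packages` map of a lockfile and reports every `esbuild` or `@esbuild/*` copy that did not resolve to the pinned version. The function names and both sample lockfiles are constructed for illustration, and the lockfile is assumed to use the `packages` map layout (lockfileVersion 2 or 3).

```javascript
// Added example: confirm that an npm override took effect in the lockfile.
// Assumes the lockfileVersion 2/3 layout, where every installed copy is a key
// in `packages`, e.g. "node_modules/tsup/node_modules/esbuild".

const PINNED = "0.28.1"; // version named in the PR summary

// Returns the package name for a lockfile path key, e.g.
// "node_modules/vite/node_modules/@esbuild/linux-x64" -> "@esbuild/linux-x64".
// The root entry (key "") yields an empty name.
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? "" : path.slice(idx + marker.length);
}

// Lists every esbuild or @esbuild/* copy whose version differs from the pin.
// Nested copies matter: a hoisted esbuild can be patched while a dependency
// still carries its own older copy under its node_modules directory.
function findUnpinnedEsbuild(lock, pinned = PINNED) {
  const offenders = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    const isEsbuild = name === "esbuild" || name.startsWith("@esbuild/");
    if (isEsbuild && entry.version !== pinned) {
      offenders.push({ path, version: entry.version });
    }
  }
  return offenders;
}

// Constructed sample lockfiles (not taken from the repository).
const beforeOverride = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example" },
    "node_modules/tsup": { version: "8.5.1" },
    "node_modules/esbuild": { version: "0.27.7" },
    "node_modules/@esbuild/linux-x64": { version: "0.27.7", optional: true },
    "node_modules/vite/node_modules/esbuild": { version: "0.28.1" },
  },
};
const afterOverride = JSON.parse(
  JSON.stringify(beforeOverride).replaceAll("0.27.7", "0.28.1")
);

console.log("before:", findUnpinnedEsbuild(beforeOverride));
console.log("after:", findUnpinnedEsbuild(afterOverride));
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of the sample objects.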